openSUSE 10 Security Update : kernel (kernel-5339)

high Nessus Plugin ID 33253

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update fixes the following security problems:
CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine.

CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine.

CVE-2008-2148: The permission checking in sys_utimensat was incorrect and local attackers could change the file times of files they do not own to the current time.

CVE-2008-1669: Fixed an SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking.

CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code.

CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (filtered by the firewall by default).

CVE-2008-1367: Clear the 'direction' flag before calling signal handlers. For specific, not yet identified programs under specific timing conditions, this could potentially have caused memory corruption or code execution.

And the following bugs (numbers are https://bugzilla.novell.com/ references):

- patches.fixes/input-add-amilo-pro-v-to-nomux.patch: Update the patch to also include the 2030 model in the nomux list (bnc#389169).

- patches.apparmor/fix-net.diff: AppArmor: fix Oops in apparmor_socket_getpeersec_dgram() (bnc#378608).

- patches.fixes/input-alps-update.patch: Input: fix the AlpsPS2 driver (bnc#357881).

- patches.arch/cpufreq_fix_acpi_driver_on_BIOS_changes.patch: CPUFREQ: Check against freq changes from the BIOS (334378).

- patches.fixes/ieee1394-limit-early-node-speed-to-host-interface-speed: ieee1394: limit early node speed to host interface speed (381304).

- patches.fixes/forcedeth_realtec_phy_fix: Fix a regression to the GA kernel for some forcedeth cards (bnc#379478).

- pci-revert-SMBus-unhide-on-nx6110.patch: Do not unhide the SMBus on the HP Compaq nx6110, it's unsafe.

- patches.drivers/e1000-disable-l1aspm.patch: Disable L1 ASPM power savings for 82573 mobile variants, it's broken (bnc#254713, LTC34077).

- patches.drivers/libata-improve-hpa-error-handling: libata: improve HPA error handling (365534).

- rpm/kernel-binary.spec.in: Added Conflicts: libc.so.6()(64bit) to i386 arch (364433).

- patches.drivers/libata-disallow-sysfs-read-access-to-force-param: libata: don't allow sysfs read access to force param (362599).

- patches.suse/bonding-workqueue: Update to fix a hang when closing a bonding device (342994).

- patches.fixes/mptspi-dv-renegotiate-oops: mptlinux crashes on kernel 2.6.22 (bnc#271749).

- patches.drivers/usb-update-sierra-and-option-device-ids-from-2.6.25-rc3.patch: USB: update sierra and option device ids from 2.6.25-rc3 (343167).

- patches.arch/x86-nvidia-timer-quirk: Disable again (#302327). The PCI ID lists are not complete enough and let's have the same crap as mainline for this for now.

- patches.fixes/input-add-lenovo-3000-n100-to-nomux.patch: Input: add Lenovo 3000 N100 to nomux blacklist (bnc#284013).

- patches.suse/bonding-bh-locking: Add missing chunks. The SLES10 SP1 version of the patch was updated in May 2007 but the openSUSE 10.3 version was forgotten (260069).

- patches.fixes/knfsd-Allow-NFSv2-3-WRITE-calls-to-succeed-when-krb.patch: knfsd: Allow NFSv2/3 WRITE calls to succeed when krb5i etc is used. (348737).

- patches.fixes/md-fix-an-occasional-deadlock-in-raid5.patch: md: fix an occasional deadlock in raid5 (357088).

- patches.drivers/libata-quirk_amd_ide_mode: PCI: modify SATA IDE mode quirk (345124).

- Fix section mismatch build failure w/ gcc 4.1.2. bug #361086.

- patches.drivers/libata-implement-force-parameter: libata: implement libata.force module parameter (337610).

Lots of Xen fixes (not listed in detail). Lots of RT fixes (not listed in detail).

- Update to 2.6.22.18

- removes upstreamed patch:

- patches.fixes/vmsplice-pipe-exploit (CVE-2008-0600)

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/

Plugin Details

Severity: High

ID: 33253

File Name: suse_kernel-5339.nasl

Version: 1.12

Type: local

Agent: unix

Published: 6/24/2008

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-bigsmp, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xenpae, cpe:/o:novell:opensuse:10.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/9/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2007-6282, CVE-2008-0600, CVE-2008-1367, CVE-2008-1375, CVE-2008-1615, CVE-2008-1669, CVE-2008-2136, CVE-2008-2148

CWE: 16, 264, 362, 399, 94